Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

revert force-set of CORS header on cache misses #85

Merged
merged 1 commit into from
Feb 21, 2024
Merged

revert force-set of CORS header on cache misses #85

merged 1 commit into from
Feb 21, 2024

Conversation

pirtleshell
Copy link
Member

CORs headers are expected to be managed by the backend. However, for cached requests, we want to ensure that CORs is being set properly. This commit reverts setting the CORs header on cache misses. Additionally, it removes the tests that expect a CORs header on cache misses.

@pirtleshell
revert force-set of CORS header on cache misses
8dca990 
CORs headers are expected to be managed by the backend. However, for
cached requests, we want to ensure that CORs is being set properly.
This commit reverts setting the CORs header on cache misses.
Additionally, it removes the tests that expect a CORs header on cache misses.
pirtleshell
pirtleshell commented Feb 21, 2024
View reviewed changes
service/middleware.go
Comment on lines -284 to -288
// add CORS headers (if not already added)
accessControlAllowOriginValue := config.GetAccessControlAllowOriginValue(r.Host)
if w.Header().Get("Access-Control-Allow-Origin") == "" && accessControlAllowOriginValue != "" {
w.Header().Set("Access-Control-Allow-Origin", accessControlAllowOriginValue)
}
Copy link
Member Author

@pirtleshell pirtleshell Feb 21, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this addition caused the CORs header to be set twice on live deployments (once here, then again from the backend). removing it gives full power to the backend to set all headers.

this is kept for cache hits (the above if block) because we want to ensure correct CORs headers are set for responses that get cached without them. tests are updated to only require CORs header on cache hit tests (locally they do not get the header, but in live deployments nginx sets it).

@pirtleshell pirtleshell merged commit ef48922 into main Feb 21, 2024
4 checks passed
@pirtleshell pirtleshell deleted the rp-fix-double-cors branch February 21, 2024 19:24
@evgeniy-scherbina
Copy link
Contributor

LGTM

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@evgeniy-scherbina evgeniy-scherbina evgeniy-scherbina approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@pirtleshell @evgeniy-scherbina